Whatever your industry, it’s critical to think about your cyber security posture in the right way.
Even if you’re already making a decent investment in a security operations centre or penetration testing, there will always be an avenue for attack. And while good cyber hygiene also plays a role – think firewalls, multi-factor authentication (MFA) and regular application updates – all it takes is a cracked window, and a bad actor can access your network. Once they’re in? There’s no knowing how far they’ll go.
In our latest podcast, our executives, Anders Reeves and Luke Potter, talk about why we need to challenge the way cyber security works – not just the steps that organisations could (and should) be taking, but how the wider industry needs a bit of a rethink. We’ve captured the key takeaways below.
What’s the issue with current thinking and methods?
The industry is notorious for using a one-size-fits-all approach to cyber security, but in reality, this simply doesn’t work. Even the most robust measures have entry points and weaknesses, and it can only take something small to wreak serious damage. Risks also deepen over time as common vulnerabilities become more widely known and hackers’ tactics develop. That’s why we focus on continuous cyber security – because constant vigilance and probing is the only way to keep up.
We recently worked with a business with a mature cyber security stance that was doing everything right on paper, but lacked that continuous approach. Our Swarm managed to find a way in – a compromised company email address, followed by MFA, and finally a vished (spoof) call to the helpdesk from an employee number – for a network takeover. Our activities weren’t flagged because the means were legitimate, and it all stemmed from a single phishing email targeted at a single individual.
What’s the answer?
At CovertSwarm, we believe in the cyber value proposition (CVP). Cyber needs to be thought of as a strategy in its own right, and organisations must consider how they’re protecting their most important assets. After all, you wouldn’t have the crown jewels on display without posting a permanent security guard, so why should your applications be any different?
A CVP needs to be a three-pronged approach to cyber security, covering three stages: - Assess: Expose vulnerabilities and build a continuous picture of your organisation.
- Attack: Simulate attacks, from proof-of-concept and penetration testing to ethical hacking and red-teaming.
- Mitigate: Use intelligence to strengthen and protect applications and upskill your teams.
So, to really be of long-term benefit, we’re not talking about a slice of budget for annual testing or the odd training workshop, but a continuous, relentless, real-time approach.
How do I develop a CVP?
For a successful CVP, break the journey down into steps.
Using our ‘crown jewels’ metaphor, think about the prize you’re protecting and work backwards. This prompts thinking about your approach and challenges your ‘cultural norms’ (like that yearly penetration test).
Calculate the value of each role that’s involved – for example, a SOC analyst might be tasked with monitoring systems, but through their work, they help to identify and prevent threats to your cyber security.
Now, think even bigger. If you’ve got monitoring covered, you’ve got QA processes in place. And this means you can then enhance your speed, capability, quality and functionality.
This is the role we play at CovertSwarm: we’re the link between commercial and cyber propositions.
What are the benefits of a CVP?
With a CVP, you can encourage every one of your employees to take responsibility for their organisation’s cyber security. They’ll be your eyes and ears on the ground, flagging and reporting suspicious activity while the danger’s fresh. In other words, it creates a culture of cyber security. Your employees will:
Constantly learn, share and develop their cyber security skills and awareness.
Learn to be vigilant and recognise when your organisation is under attack.
Be better educated and equipped to deal with threats if and when they arise.
Feel protected against being targeted or vilified if they make mistakes.
Embrace discussions about the need to change and constantly improve.
To encourage that honesty, set an internal bounty – like a gift card – and reward the behaviour you want to see in the same way you would for an employee meeting a sales target. However, don’t be tempted to punish mistakes. We’re all human, and can all easily fall victim to bad actors, dodgy downloads or phishing links.
What are the challenges of a CVP?
As with anything that requires a decent chunk of the budget, cost will always be a barrier to cyber security. However, positioning cyber security as a key strategy that offers continuous protection – rather than an afterthought that’s only considered when you’ve already put your business at risk – can help demonstrate the value it brings.
The most important thing to remember about cyber security is there’s really no ‘silver bullet’ to prevent attacks or protect against them. Even those who train their users, adhere to best practices, are industry certified and carry out penetration testing will still get breached. It’s a constant ‘arms race’ between the adversaries and the defenders – but that’s why it’s all about the approach, and why continuous compromise is the only way to stay protected.
Why is an integrated CVP approach so beneficial?
There’s a tendency for individuals to think of cyber security as an unfathomable ‘dark art’, but the reality is that our work – and that of the wider industry – is a blend of expertise, knowledge and skill, with overlap and interplay between development, security and service teams.
Some businesses have separate teams working on a service or product, then expect a red team or one-off penetration test to expose everything in a matter of weeks. But it’s not a case of ‘us versus them’, ‘attack versus defence’ or ‘red team versus blue team’. We need to understand functionality as it’s created and developed – in real time – as well as the end result. And we need to exploit the cross-pollination between skill sets. It’s the best way to combat waves, breaches and zero days as they happen.
Why choose CovertSwarm for my CVP?
We favour a relentless approach to defending and protecting organisations. So, as well as providing continuous cyber security, our Swarm is continuously growing. We’re also active in our sector, challenging industry norms, sharing our insights and evolving with the times. We’re stronger when we work together, and it’s part of our mission to unite the industry for the greater good.
We also believe that the industry currently isn’t working, and want to disrupt the way others approach their own cyber security methods and thinking. We don’t carry out generic training or testing. Our difference is we tailor our approach to you and your platform – your structure, your code base, your data centre – so it’s personal and relevant. It’s the reason we’re handling the cyber security of over 70 organisations around the world – and why we’re best-placed to handle yours, too.
Get in touch with us
Our team supports both organisations and industry players with all things cyber security, from pooling knowledge to strengthening defences. Here’s how we can help.
Need a CVP for your business? Call in the Swarm.
Want unique cyber security insights? Listen to our latest Podcast.
Got an insight to share, or looking to join one of our hives? Get on board.
Whatever you need, we are always on hand to help.